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Claims 2, 8-1 1, 20, 22-25 and 30. 



1. (Currently Amended) A kernel-level transaction system, 
comprising: 

a memory; 

one or more processors operatively coupled to the memory and disposed 
within one or more devices ; 

a transaction manager disposed within each device, each said transaction 
manager including plural a plurality of kernel objects to implement a transaction 
having plural operations , wherein the plurality of kernel objects include a 
transaction object to represent a transaction, a resource manager object to 
represent a resource participating in the transaction, and an enlistment object to 
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enlist participants in the transaction, wherein the transaction is performed at the 
kernel level ; and 

a security descriptor, applied to at least one of the kernel objects, to identify 
at least one user, to identify one of the operations of the transaction that may be 
performed on the kernel object to which the security descriptor is applied, and to 
identify a right indicating that the identified user is permitted or prohibited to 
perform the operation. 

2. (Canceled) 

3. (Original) A system according to claim 1, wherein the security 
descriptor comprises at least one access control entry (ACE), which includes a 
security identifier (SID) and rights corresponding to the SID. 

4. (Currently Amended) A system according to claim [[2]] 1, wherein 
the security descriptor is applied to the transaction object, and the operation 
identified by the security descriptor includes at least one of: 

set information regarding the transaction object, 

enlist the transaction object in the transaction, 

render data updates in connection with the transaction object durable, 

abort the operation on the transaction object, 

transmit data from the transaction object to another object, 

the current point of the transaction at the transaction object, and 

transmit data regarding the transaction to another device. 
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5. (Currently Amended) A system according to claim [[2]] 1, wherein 
the security descriptor is applied to the resource manager object, and the operation 
identified by the security descriptor includes at least one of: 

retrieve information regarding the resource manager object, 
set information regarding the resource manager object, 
determine the state of a transaction at a moment of transaction failure, 
enlist the resource manager object in a transaction, 
register the resource manager object in the transaction, 
receive notification upon resolution of a transaction at the resource manager 
object, and 

set resource data in accordance with the transaction resolution. 

6. (Currently Amended) A system according to claim [[2]] 1, wherein 
the security descriptor is applied to the enlistment object, and the operation 
identified by the security descriptor includes at least one of: 

get information regarding the enlistment object, 

set information regarding the enlistment object, 

determine a state of enlistments at a moment of transaction failure 

obtain and reference an enlistment key, 

rollback the transaction and to respond to notifications, and 

perform operations a superior transaction manager would perform. 

7. (Currently Amended) A method of implementing a kernel-level 
transaction, comprising: 
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attaching a security descriptor to at least one of plural a plurality of kernel 
objects utilized in a transaction; and 

performing an operation for a transaction on the at least one kernel object in 
accordance with the rights accorded by the security descriptor attached to the at 
least one kernel object , wherein the security descriptor includes identification for 
at least one user, an operation that is able to be performed on the at least one 
kernel object to which the security descriptor is attached, and a right indicating 
that the identified user is permitted or prohibited to perform the operation, and 
further wherein the at least one kernel object comprises a transaction object, a 
resource manager object and/or an enlistment object . 

8. (Canceled) 

9. (Canceled) 

10. (Canceled) 

11. (Canceled) 

12. (Currently Amended) A method according to claim [[9]] 7, 
wherein the operation identified by the security descriptor attached to the 
transaction object includes at least one of: 

set information regarding the transaction object, 

enlist the transaction object in the transaction, 

render data updates in connection with the transaction object durable, 
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abort the operation on the transaction object, 

transmit data from the transaction object to another object, 

save the current point of the transaction at the transaction object, and 

transmit data regarding the transaction to another device. 

13. (Currently Amended) A method according to claim [[10]] 7, 
wherein the operation identified by the security descriptor attached to the resource 
manager object includes at least one of: 

retrieve information regarding the resource manager object, 
set information regarding the resource manager object, 
determine the state of a transaction at a moment of transaction failure, 
enlist the resource manager object in a transaction, 
register the resource manager object in the transaction, 
receive notification upon resolution of a transaction at the resource manager 
object, and 

set resource data in accordance with the transaction resolution. 

14. (Currently Amended) A method according to claim [[11]] 7, 
wherein the operation identified by the security descriptor includes at least one of: 

get information regarding the enlistment object, 

set information regarding the enlistment object, 

determine a state of enlistments at a moment of transaction failure, 

obtain and reference an enlistment key, 

rollback the transaction and to respond to notifications, and 

perform operations a superior transaction manager would perform. 
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15. (Currently Amended) A computer-readable medium having stored 
thereon an object attached to a kernel object, the object comprising: 

a first data entry identifying at least one user; 

a second data entry identifying an operation capable of being performed on 
the kernel object by the user identified by the first data entr y, wherein the kernel 
object comprises a transaction object, a resource manager object and/or an 
enlistment object ; and 

a third data entry indicating a right for the user identified by the first data 
entry to perform the operation identified by the second data entry; 

wherein the object attached to the kernel object is a security descriptor . 

16. (Original) A computer-readable medium according to claim 15, 
wherein the kernel object is a transaction object, and the identified operation 
includes at least one of: 

set information regarding the transaction object, 

enlist the transaction object in the transaction, 

render data updates in connection with the transaction object durable, 

abort the operation on the transaction object, 

transmit data from the transaction object to another object, 

save the current point of the transaction at the transaction object, and 

transmit data regarding the transaction to another device. 
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17. (Original) A computer-readable medium according to claim 15, 
wherein the kernel object is a resource manager object, and the identified 
operation includes at least one of: 

retrieve information regarding the resource manager object, 

set information regarding the resource manager object, 

determine the state of a transaction at a moment of transaction failure, 

enlist the resource manager object in a transaction, 

register the resource manager object in the transaction, 

receive notification upon resolution of a transaction at the resource manager 
object, and 

set resource data in accordance with the transaction resolution. 



18. (Original) A computer-readable medium according to claim 15, 
wherein the kernel object is an enlistment object, and the identified operation 
includes at least one of: 

get information regarding the enlistment object, 

set information regarding the enlistment object, 

determine a state of enlistments at a moment of transaction failure, 

obtain and reference an enlistment key, 

rollback the transaction and to respond to notifications, and 

perform operations a superior transaction manager would perform. 



19. (Currently amended) A transaction method, comprising: 
implementing a transaction among kernel objects; and 
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securing the transaction utilizing an operating system security model that 
applies a security descriptor to at least one of the kernel objects participating in the 
transaction; 

wherein the security descriptor includes identification for at least one user, 
an operation to be performed on the at least one kernel object to which the security 
descriptor is attached, and a right indicating that the identified user is permitted or 
prohibited to perform the operation and each of the kernel objects comprise a 
transaction object, a resource manager object and/or an enlistment object . 

20. (Canceled) 

21. (Currently Amended) A method of implementing a transaction, 
comprising: 

attaching a security descriptor to at least one of plural a plurality of objects 
utilized in a transaction , wherein the security descriptor includes identification for 
at least one user, an operation to be performed on the at least one kernel object to 
which the security descriptor is attached, and a right indicating that the identified 
user is permitted or prohibited to perform the operation and each of the kernel 
objects comprise a transaction object, a resource manager object and/or an 
enlistment object ; and 

performing an operation for a transaction on the at least one object in 
accordance with the rights accorded by the security descriptor attached to the at 
least one object. 



22. (Canceled) 
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23. (Canceled). 



24. (Canceled) 

25. (Canceled) 

26. (Currently Amended) A method according to claim [[23]] 2J_, 
wherein the operation identified by the security descriptor attached to the 
transaction object includes at least one of: 

set information regarding the transaction object, 

enlist the transaction object in the transaction, 

render data updates in connection with the transaction object durable, 

abort the operation on the transaction object, 

transmit data from the transaction object to another object, 

save the current point of the transaction at the transaction object, and 

transmit data regarding the transaction to another device. 

27. (Currently Amended) A method according to claim [[24]] 2J_, 
wherein the operation identified by the security descriptor attached to the resource 
manager object includes at least one of: 

retrieve information regarding the resource manager object, 

set information regarding the resource manager object, 

determine the state of a transaction at a moment of transaction failure, 

enlist the resource manager object in a transaction, 
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register the resource manager object in the transaction, 
receive notification upon resolution of a transaction at the resource manager 
object, and 

set resource data in accordance with the transaction resolution. 

28. (Currently Amended) A method according to claim [[25]] 2J_, 
wherein the operation identified by the security descriptor includes at least one of: 

get information regarding the enlistment object, 

set information regarding the enlistment object, 

determine a state of enlistments at a moment of transaction failure, 

obtain and reference an enlistment key, 

rollback the transaction and to respond to notifications, and 

perform operations a superior transaction manager would perform. 

29. (Currently Amended): A kernel-level transaction system, 
comprising: 

a memory; 

one or more processors operatively coupled to the memory; 

means for implementing a transaction among kernel objects , wherein the 
kernel objects include a transaction object to represent a transaction, a resource 
manager object to represent a resource participating in the transaction, and an 
enlistment object to enlist participants in the transaction, wherein the transaction is 
performed at the kernel level ; and 

means for securing the transaction by applying a security descriptor to at 
least one of the kernel objects, 
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wherein the security descriptor identifies at least one user, an operation to 
be performed on the kernel object to which the security descriptor is applied, and a 
right indicating that the identified user is permitted or prohibited to perform the 
operation. 

30. (Canceled) 

31. (Currently Amended) A system according to claim [[30]] 29, 
wherein the security descriptor is applied to the transaction object, and the 
operation identified by the security descriptor includes at least one of: 

set information regarding the transaction object, 

enlist the transaction object in the transaction, 

render data updates in connection with the transaction object durable, 

abort the operation on the transaction object, 

transmit data from the transaction object to another object, 

save the current point of the transaction at the transaction object, and 

transmit data regarding the transaction to another device. 

32. (Currently Amended) A system according to claim [[30]] 29, 
wherein the security descriptor is applied to the resource manager object, and the 
operation identified by the security descriptor includes at least one of: 

retrieve information regarding the resource manager object, 

set information regarding the resource manager object, 

determine the state of a transaction at a moment of transaction failure, 

enlist the resource manager object in a transaction, 
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register the resource manager object in the transaction, 
receive notification upon resolution of a transaction at the resource manager 
object, and 

set resource data in accordance with the transaction resolution. 

33. (Currently Amended) A system according to claim [[30]] 29, 
wherein the security descriptor is applied to the enlistment object, and the 
operation identified by the security descriptor includes at least one of: 

get information regarding the enlistment object, 

set information regarding the enlistment object, and 

determine a state of enlistments at a moment of transaction failure. 
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